Monday, January 6, 2014

Kali Forensics: rahash2

rahash2 is another hashing tool in the distribution; it is part of the radare2 malware reverse engineering toolkit. What makes this application unique is that it can hash only part of a file, or hash a file block by block. It supports the following hashes: md4, md5, sha1, sha256, sha384, sha512, crc16, crc32, xor, xorpair, parity, mod255, hamdist, entropy, pcprint.

Let's see it in action:

We can compute regular hashes by specifying the algorithm (by default it's SHA-1), as with any other hashing tool:

To calculate hashes of smaller blocks, we need to specify the block size (-b) and instruct the tool to show per-block hashes (-B); if we forget -B, it will show only the full-file hash, regardless of the block size.
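To show why per-block hashes are useful in forensics, here is an added Python example (not from the original post and not radare2's code) that hashes a buffer block by block and reports which block offsets differ between two copies. The function names, the sample data and the choice to hash a short final block as-is are assumptions of this example; its output format is not rahash2's.

```python
import hashlib


def block_hashes(data: bytes, block_size: int, algo: str = "sha1"):
    """Return [(offset, hexdigest)] for each block_size chunk of data."""
    if block_size <= 0:
        raise ValueError("block_size must be positive")
    result = []
    for offset in range(0, len(data), block_size):
        chunk = data[offset:offset + block_size]  # final chunk may be shorter
        result.append((offset, hashlib.new(algo, chunk).hexdigest()))
    return result


def changed_blocks(a: bytes, b: bytes, block_size: int, algo: str = "sha1"):
    """Offsets whose block hash differs, or which exist in only one input."""
    ha = dict(block_hashes(a, block_size, algo))
    hb = dict(block_hashes(b, block_size, algo))
    return sorted(o for o in ha.keys() | hb.keys() if ha.get(o) != hb.get(o))


# Constructed sample: a 4096-byte "file" and a copy with one byte flipped.
ORIGINAL = bytes(range(256)) * 16
_tampered = bytearray(ORIGINAL)
_tampered[1300] ^= 0xFF
MODIFIED = bytes(_tampered)

if __name__ == "__main__":
    # A whole-file hash only says that the two copies differ ...
    print("full  :", hashlib.sha1(ORIGINAL).hexdigest())
    print("full' :", hashlib.sha1(MODIFIED).hexdigest())
    # ... per-block hashes narrow the change down to one 512-byte block.
    for offset in changed_blocks(ORIGINAL, MODIFIED, 512):
        print(f"block at offset 0x{offset:08x} differs")
```

A smaller block size narrows the changed region further, at the cost of more hashes to store and compare.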